Overview

Purpose:

Communicate potential risks to stakeholders.

Communicate the rationale for security-relevant decisions to stakeholders.

Role:

who typically does this

Frequency:

Log Review Tips

Critical systems require at least daily log review; however, which types of logs and activities should we pay attention to?
1. Consecutive login failures, especially outside office hours.
2. Logins outside office hours.
3. Authority (privilege) changes, additions and removals. Check them against the authorized application or request form.
4. Any system administrator activities.
5. Any unknown workstation or server plugged into the network?
6. Log removal, logs being overwritten, or the log store being full.
7. Pay more attention to the log reports after weekends and holidays.
8. Any account unlocked or password reset by system administrators without an authorized form?
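The tips above can be turned into a first-pass triage script for the daily review. The following is an added example, not code from the original page; it assumes a constructed single-line log format (`timestamp user event host`), office hours of Monday to Friday 08:00 to 18:00, a threshold of three consecutive failures, a small list of known hosts, and the event names used in the sample. Each finding is something a reviewer should check against the authorized forms, not an automatic verdict.

```python
"""Daily log-review triage over a constructed auth log (added example)."""
from collections import defaultdict
from datetime import datetime

# Assumed office hours: Monday-Friday (weekday 0-4), 08:00-18:00 local time.
OFFICE_DAYS = range(0, 5)
OFFICE_START, OFFICE_END = 8, 18
FAIL_THRESHOLD = 3  # consecutive failures per account that warrant review
KNOWN_HOSTS = {"srv-db", "ws-17"}  # assumed inventory of authorized hosts
# Event names are constructed for this example, not from any real product.
PRIVILEGE_EVENTS = {"GROUP_ADD", "GROUP_REMOVE", "PASSWORD_RESET", "ACCOUNT_UNLOCK"}
TAMPER_EVENTS = {"LOG_CLEARED", "LOG_FULL"}

# Constructed sample log: 2024-03-02 is a Saturday, 2024-03-04 a Monday.
SAMPLE_LOG = [
    "2024-03-02T02:13:05 alice LOGIN_FAIL srv-db",
    "2024-03-02T02:13:20 alice LOGIN_FAIL srv-db",
    "2024-03-02T02:13:41 alice LOGIN_FAIL srv-db",
    "2024-03-02T02:14:10 alice LOGIN_OK srv-db",
    "2024-03-04T09:10:00 bob LOGIN_OK srv-db",
    "2024-03-04T10:00:00 carol LOGIN_OK ws-unknown",
    "2024-03-04T12:00:00 admin GROUP_ADD srv-db",
    "2024-03-04T12:05:00 admin LOG_CLEARED srv-db",
]

def outside_office_hours(ts: datetime) -> bool:
    """True on weekends and holidays-as-weekends, or outside 08:00-18:00."""
    return ts.weekday() not in OFFICE_DAYS or not (OFFICE_START <= ts.hour < OFFICE_END)

def review(lines):
    """Return (rule, user, timestamp) findings in log order for a reviewer to verify."""
    findings = []
    streak = defaultdict(int)  # consecutive LOGIN_FAIL count per account
    for line in lines:
        ts_text, user, event, host = line.split()
        ts = datetime.fromisoformat(ts_text)
        off_hours = outside_office_hours(ts)
        if event == "LOGIN_FAIL":
            streak[user] += 1
            if streak[user] == FAIL_THRESHOLD:  # report once when the threshold is hit
                rule = "consecutive-failures-off-hours" if off_hours else "consecutive-failures"
                findings.append((rule, user, ts_text))
        else:
            streak[user] = 0  # any non-failure event ends the streak
        if event == "LOGIN_OK" and off_hours:
            findings.append(("off-hours-login", user, ts_text))
        if host not in KNOWN_HOSTS:
            findings.append(("unknown-host", user, ts_text))
        if event in PRIVILEGE_EVENTS:
            findings.append(("privilege-change-verify-form", user, ts_text))
        if event in TAMPER_EVENTS:
            findings.append(("log-integrity", user, ts_text))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```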